Merge branch 'master' into smola/enable-api-security-by-default

Author: smola

.circleci/collect_results.sh

@@ -35,7 +35,7 @@ function get_source_file () {
         fi
       done
     done < <(grep -rl "class $class" "$file_path")
-    file_path="$common_root"
+    file_path="/$common_root"
   fi
 }
 

.github/workflows/analyze-changes.yaml

@@ -40,7 +40,7 @@ jobs:
             ${{ runner.os }}-gradle-
         
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
+        uses: github/codeql-action/init@fca7ace96b7d713c7035871441bd52efbe39e27e # v3.28.19
         with:
           languages: 'java'
           build-mode: 'manual'
@@ -57,7 +57,7 @@ jobs:
             --build-cache --parallel --stacktrace --no-daemon --max-workers=4
 
       - name: Perform CodeQL Analysis and upload results to GitHub Security tab
-        uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
+        uses: github/codeql-action/analyze@fca7ace96b7d713c7035871441bd52efbe39e27e # v3.28.19
 
   trivy:
     name: Analyze changes with Trivy
@@ -109,7 +109,7 @@ jobs:
           ls -laR "./workspace/.trivy"
 
       - name: Run Trivy security scanner
-        uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # v0.30.0
+        uses: aquasecurity/trivy-action@76071ef0d7ec797419534a183b498b4d6366cf37 # v0.31.0
         with:
           scan-type: rootfs
           scan-ref: './workspace/.trivy/'
@@ -122,7 +122,7 @@ jobs:
           TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
+        uses: github/codeql-action/upload-sarif@fca7ace96b7d713c7035871441bd52efbe39e27e # v3.28.19
         if: always()
         with:
           sarif_file: 'trivy-results.sarif'

.github/workflows/check-ci-pipelines.yml

@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Run Ensure CI Success
-        uses: DataDog/ensure-ci-success@727e7fe39ae2e1ce7ea336ec85a7369ab0731754
+        uses: DataDog/ensure-ci-success@4a4b720e881d965254a9de2a4f14d1ec0c3d0d7c
         with:
           initial-delay-seconds: "500"
           max-retries: "60"

.github/workflows/update-docker-build-image.yaml

@@ -52,7 +52,7 @@ jobs:
           echo "::notice::Using Docker build image tag: ${TAG}"
       - name: Update the Docker build image in GitLab CI config
         run: |
-          sed -i 's|JAVA_BUILD_IMAGE_VERSION:.*|JAVA_BUILD_IMAGE_VERSION:"${{ steps.define-tag.outputs.tag }}"|' .gitlab-ci.yml
+          sed -i '' -E 's|(BUILDER_IMAGE_VERSION_PREFIX:)[^#]*([#].*)|\1 "${{ steps.define-tag.outputs.tag }}-" \2|' .gitlab-ci.yml
       - name: Commit and push changes
         env:
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

.gitlab-ci.yml

@@ -27,7 +27,7 @@ variables:
   GRADLE_VERSION: "8.5" # must match gradle-wrapper.properties
   MAVEN_REPOSITORY_PROXY: "http://artifactual.artifactual.all-clusters.local-dc.fabric.dog:8081/repository/maven-central/"
   GRADLE_PLUGIN_PROXY: "http://artifactual.artifactual.all-clusters.local-dc.fabric.dog:8081/repository/gradle-plugin-portal-proxy/"
-  JAVA_BUILD_IMAGE_VERSION: "v25.05"
+  BUILDER_IMAGE_VERSION_PREFIX: "" # use either an empty string (e.g. "") for latest images or a version followed by a hyphen (e.g. "v25.05-")
   REPO_NOTIFICATION_CHANNEL: "#apm-java-escalations"
   DEFAULT_TEST_JVMS: /^(8|11|17|21)$/
   PROFILE_TESTS:
@@ -48,7 +48,6 @@ variables:
       - "21"
       - "semeru11"
       - "oracle8"
-      - "ubuntu17"
       - "zulu8"
       - "semeru8"
       - "ibm8"
@@ -97,7 +96,7 @@ default:
   - echo "NORMALIZED_NODE_TOTAL=${NORMALIZED_NODE_TOTAL}, NORMALIZED_NODE_INDEX=$NORMALIZED_NODE_INDEX"
 
 .gradle_build: &gradle_build
-  image: ghcr.io/datadog/dd-trace-java-docker-build:${JAVA_BUILD_IMAGE_VERSION}-base
+  image: ghcr.io/datadog/dd-trace-java-docker-build:${BUILDER_IMAGE_VERSION_PREFIX}base
   stage: build
   variables:
     MAVEN_OPTS: "-Xms64M -Xmx512M"
@@ -218,6 +217,38 @@ populate_dep_cache:
 #      - GRADLE_TARGET: ":smokeTest"
 #        CACHE_TYPE: "smoke"
 
+publish-artifacts-to-s3:
+  image: registry.ddbuild.io/images/mirror/amazon/aws-cli:2.4.29
+  stage: publish
+  needs: [ build ]
+  script:
+    - source upstream.env
+    - export VERSION="${UPSTREAM_TRACER_VERSION%~*}" # remove ~githash from the end of version
+    - aws s3 cp workspace/dd-java-agent/build/libs/dd-java-agent-${VERSION}.jar s3://dd-trace-java-builds/${CI_COMMIT_REF_NAME}/dd-java-agent.jar
+    - aws s3 cp workspace/dd-trace-api/build/libs/dd-trace-api-${VERSION}.jar s3://dd-trace-java-builds/${CI_COMMIT_REF_NAME}/dd-trace-api.jar
+    - aws s3 cp workspace/dd-trace-ot/build/libs/dd-trace-ot-${VERSION}.jar s3://dd-trace-java-builds/${CI_COMMIT_REF_NAME}/dd-trace-ot.jar
+    - aws s3 cp workspace/dd-java-agent/build/libs/dd-java-agent-${VERSION}.jar s3://dd-trace-java-builds/${CI_PIPELINE_ID}/dd-java-agent.jar
+    - aws s3 cp workspace/dd-trace-api/build/libs/dd-trace-api-${VERSION}.jar s3://dd-trace-java-builds/${CI_PIPELINE_ID}/dd-trace-api.jar
+    - aws s3 cp workspace/dd-trace-ot/build/libs/dd-trace-ot-${VERSION}.jar s3://dd-trace-java-builds/${CI_PIPELINE_ID}/dd-trace-ot.jar
+    - |
+      cat << EOF > links.json 
+        {
+          "S3 Links": [
+            {
+              "external_link": {
+                "label": "Public Link to dd-java-agent.jar",
+                "url": "https://s3.us-east-1.amazonaws.com/dd-trace-java-builds/${CI_PIPELINE_ID}/dd-java-agent.jar"
+              }
+            }
+          ]
+        }
+      EOF
+  artifacts:
+    reports:
+      annotations:
+        - links.json
+
+
 spotless:
   extends: .gradle_build
   stage: tests
@@ -228,7 +259,7 @@ spotless:
 
 test_published_artifacts:
   extends: .gradle_build
-  image: ghcr.io/datadog/dd-trace-java-docker-build:${JAVA_BUILD_IMAGE_VERSION}-7 # Needs Java7 for some tests
+  image: ghcr.io/datadog/dd-trace-java-docker-build:${BUILDER_IMAGE_VERSION_PREFIX}7 # Needs Java7 for some tests
   stage: tests
   needs: [ build ]
   variables:
@@ -366,7 +397,7 @@ muzzle-dep-report:
 
 .test_job:
   extends: .gradle_build
-  image: ghcr.io/datadog/dd-trace-java-docker-build:$testJvm
+  image: ghcr.io/datadog/dd-trace-java-docker-build:${BUILDER_IMAGE_VERSION_PREFIX}$testJvm
   tags: [ "docker-in-docker:amd64" ] # use docker-in-docker runner for testcontainers
   needs: [ build_tests ]
   stage: tests
@@ -553,7 +584,7 @@ test_smoke:
     GRADLE_PARAMS: "-PskipFlakyTests"
     CACHE_TYPE: "smoke"
   parallel:
-    matrix: *test_matrix_2
+    matrix: *test_matrix_4
 
 test_ssi_smoke:
   extends: .test_job
@@ -564,7 +595,7 @@ test_ssi_smoke:
     DD_INJECT_FORCE: "true"
     DD_INJECTION_ENABLED: "tracer"
   parallel:
-    matrix: *test_matrix_2
+    matrix: *test_matrix_4
 
 test_smoke_graalvm:
   extends: .test_job

.gitlab/benchmarks.yml

@@ -4,7 +4,7 @@
   timeout: 1h
   tags: ["runner:apm-k8s-tweaked-metal"]
   image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/benchmarking-platform:dd-trace-java-benchmarks
-  needs: [ "build" ]
+  needs: [ "build", "publish-artifacts-to-s3" ]
   rules:
     - if: '$POPULATE_CACHE'
       when: never
@@ -85,7 +85,7 @@ benchmarks-post-results:
   interruptible: true
   timeout: 1h
   image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/benchmarking-platform:java-dsm-kafka
-  needs: [ "build" ]
+  needs: [ "build", "publish-artifacts-to-s3"]
   script:
     - git clone --branch java/kafka-dsm-overhead https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.ddbuild.io/DataDog/benchmarking-platform.git platform && cd platform
     - ./steps/run-benchmarks.sh
@@ -129,7 +129,7 @@ debugger-benchmarks:
   interruptible: true
   timeout: 1h
   image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/benchmarking-platform:java-debugger
-  needs: ["build"]
+  needs: ["build", "publish-artifacts-to-s3"]
   script:
     - export ARTIFACTS_DIR="$(pwd)/reports" && mkdir -p "${ARTIFACTS_DIR}"
     - git clone --branch java/debugger-benchmarks https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.ddbuild.io/DataDog/benchmarking-platform.git /platform && cd /platform

dd-java-agent/agent-jmxfetch/build.gradle

@@ -11,7 +11,7 @@ plugins {
 apply from: "$rootDir/gradle/java.gradle"
 
 dependencies {
-  api('com.datadoghq:jmxfetch:0.49.7') {
+  api('com.datadoghq:jmxfetch:0.49.8') {
     exclude group: 'org.slf4j', module: 'slf4j-api'
     exclude group: 'org.slf4j', module: 'slf4j-jdk14'
     exclude group: 'com.beust', module: 'jcommander'

dd-java-agent/instrumentation/aws-java-sqs-1.0/src/main/java/datadog/trace/instrumentation/aws/v1/sqs/AbstractSqsInstrumentation.java

@@ -1,9 +1,14 @@
 package datadog.trace.instrumentation.aws.v1.sqs;
 
 import datadog.trace.agent.tooling.InstrumenterModule;
+import datadog.trace.util.Strings;
 
 public abstract class AbstractSqsInstrumentation extends InstrumenterModule.Tracing {
   public AbstractSqsInstrumentation() {
     super("sqs", "aws-sdk");
   }
+
+  public AbstractSqsInstrumentation(String... additionalNames) {
+    super("sqs", Strings.concat(additionalNames, "aws-sdk"));
+  }
 }

dd-java-agent/instrumentation/aws-java-sqs-1.0/src/main/java/datadog/trace/instrumentation/aws/v1/sqs/SqsJmsMessageInstrumentation.java

@@ -21,6 +21,10 @@
 public class SqsJmsMessageInstrumentation extends AbstractSqsInstrumentation
     implements Instrumenter.ForSingleType, Instrumenter.HasMethodAdvice {
 
+  public SqsJmsMessageInstrumentation() {
+    super("jms");
+  }
+
   @Override
   public String instrumentedType() {
     return "com.amazon.sqs.javamessaging.message.SQSMessage";

dd-java-agent/instrumentation/aws-java-sqs-2.0/src/main/java/datadog/trace/instrumentation/aws/v2/sqs/AbstractSqsInstrumentation.java

@@ -1,9 +1,14 @@
 package datadog.trace.instrumentation.aws.v2.sqs;
 
 import datadog.trace.agent.tooling.InstrumenterModule;
+import datadog.trace.util.Strings;
 
 public abstract class AbstractSqsInstrumentation extends InstrumenterModule.Tracing {
   public AbstractSqsInstrumentation() {
     super("sqs", "aws-sdk");
   }
+
+  public AbstractSqsInstrumentation(String... additionalNames) {
+    super("sqs", Strings.concat(additionalNames, "aws-sdk"));
+  }
 }